1. Which log type does the FortiAnalyzer indicators of compromise feature use to identify infected hosts? 

A. Antivirus logs 

B. Web filter logs 

C. IPS logs 

D. Application control logs 

Answer: B 

Explanation: 

Reference: 
https://help.fortinet.com/fa/faz50hlp/60/6-0-2/Content/FortiAnalyzer_Admin_Guide/3600_FortiView/0200__Using_FortiView/1200_Compromised_hosts_page.htm?TocPath=FortiView%7CUsing%20FortiView%7C 


2. The admin administrator is failing to register a FortiClient EMS on the FortiAnalyzer device. 
What can be the reason for this failure? 

A. FortiAnalyzer is in an HA cluster. 

B. ADOM mode should be set to advanced, in order to register the FortiClient EMS device. 

C. ADOMs are not enabled on FortiAnalyzer. 

D. A separate license is required on FortiAnalyzer in order to register the FortiClient EMS device. 

Answer: C 

Explanation: 

Reference: 

https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FMG-FAZ/0800_ADOMs/0015_FortiClient%20and%20ADOMs.htm 


3. Which two statements are true regarding FortiAnalyzer operating modes? (Choose two.) 

A. When in collector mode, FortiAnalyzer collects logs from multiple devices and forwards these logs in the original binary format. 

B. Collector mode is the default operating mode. 

C. When in collector mode, FortiAnalyzer supports event management and reporting features. 

D. By deploying different FortiAnalyzer devices with collector and analyzer mode in a network, you can improve the overall performance of log receiving, analysis, and reporting. 

Answer: A,D 

Explanation: 

Reference: 

https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/227478/collector-mode 
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/312644/analyzer-collector-collaboration 


4. Which two settings must you configure on FortiAnalyzer to allow non-local administrators to authenticate to FortiAnalyzer with any user account in a single LDAP group? (Choose two.) 

A. A local wildcard administrator account 

B. A remote LDAP server 

C. A trusted host profile that restricts access to the LDAP group 

D. An administrator group 

Answer: A,B 

Explanation: 

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD38567 


5. If you upgrade the FortiAnalyzer firmware, which report element can be affected? 

A. Custom datasets 

B. Report scheduling 

C. Report settings 

D. Output profiles 

Answer: A 

Explanation: 
https://docs.fortinet.com/document/fortianalyzer/6.2.5/upgrade-guide/669300/checking-reports 


6. If you upgrade your FortiAnalyzer firmware, what report elements can be affected? 

A. Output profiles 

B. Report settings 

C. Report scheduling 

D. Custom datasets 

Answer: D 


7. What must you configure on FortiAnalyzer to upload a FortiAnalyzer report to a supported external 
server? (Choose two.) 

A. SFTP, FTP, or SCP server 

B. Mail server 

C. Output profile 

D. Report scheduling 

Answer: B,C 

Explanation: 
https://docs.fortinet.com/document/fortianalyzer/6.0.2/administration-guide/598322/creating-output-profiles 


8. Which two statements express the advantages of grouping similar reports? (Choose two.) 

A. Improve report completion time. 

B. Conserve disk space on FortiAnalyzer by grouping multiple similar reports. 

C. Reduce the number of hcache tables and improve auto-hcache completion time. 

D. Provides a better summary of reports. 

Answer: A,C 


9. What purposes does the auto-cache setting on reports serve? (Choose two.) 

A. To reduce report generation time 

B. To automatically update the hcache when new logs arrive 

C. To reduce the log insert lag rate 

D. To provide diagnostics on report generation time 

Answer: A,B 

Explanation: 
Reference: 
https://docs.fortinet.com/document/fortianalyzer/6.0.0/administration-guide/282280/enabling-autocache 


10. What are analytics logs on FortiAnalyzer? 

A. Log type Traffic logs. 

B. Logs that roll over when the log file reaches a specific size. 

C. Logs that are indexed and stored in the SQL. 

D. Raw logs that are compressed and saved to a log file. 

Answer: C 


11. Which two statements are true regarding fabric connectors? (Choose two.) 

A. Configuring fabric connectors to send notification to ITSM platform upon incident creation is more efficient than third-party information from the FortiAnalyzer API. 

B. Fabric connectors allow you to save storage costs and improve redundancy. 

C. Storage connector service does not require a separate license to send logs to cloud platform. 

D. Cloud-Out connections allow you to send real-time logs to public cloud accounts like Amazon S3, Azure Blob, and Google Cloud. 

Answer: A,D 


12. What are two of the key features of FortiAnalyzer? (Choose two.) 

A. Centralized log repository 

B. Cloud-based management 

C. Reports 

D. Virtual domains (VDOMs) 

Answer: A,C 


13. What is the purpose of employing RAID with FortiAnalyzer? 

A. To introduce redundancy to your log data 

B. To provide data separation between ADOMs 

C. To separate analytical and archive data 

D. To back up your logs 

Answer: A 

Explanation: 
https://en.wikipedia.org/wiki/RAID#:~:text=RAID%20(%22Redundant%20Array%20of%20Inexpensive,%2C%20performance%20improvement%2C%20or%20both. 


